Security audit

arXiv Explorer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it searches arXiv and downloads PDFs, with only visible, purpose-aligned network and file-write behavior.

Install only if you are comfortable with search queries being sent to arXiv and PDFs being written to paths you choose. Avoid confidential search terms: the search API endpoint is plain HTTP, so queries travel unencrypted and can be read by anyone on the network path. Treat the QR code as an optional off-platform donation prompt, not as part of the skill's function.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill clearly requires network access to search arXiv and download PDFs, but no permissions are declared. Undeclared network capability weakens transparency and policy enforcement because users and host systems cannot accurately assess what external access the skill will perform.
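The check this finding describes, capability use compared against what the manifest declares, as an added example. This is not SkillSpector's code and not part of the arXiv Explorer skill: the manifest shape (a flat permissions list), the skill excerpt, the regexes and the function names are all hypothetical, and the "Plaintext Transport" label is an addition covering the plain-HTTP endpoint the Overview warns about. It also flags a wildcard permission, the "Wildcard Permission" pattern listed above.

```python
import re
from dataclasses import dataclass

# Hypothetical manifest shape: a flat list of capability strings. The real
# skill format is not shown on the audit page; this is an assumption.
SKILL_MANIFEST = {"name": "arxiv-explorer", "permissions": []}

# Constructed excerpt standing in for the skill's instructions. The URLs are
# arXiv's public search and PDF endpoints; the file write is illustrative.
SKILL_BODY = """
Search: http://export.arxiv.org/api/query?search_query={query}
Fetch PDF: https://arxiv.org/pdf/{arxiv_id}
Save it: open(output_path, "wb").write(pdf_bytes)
"""


@dataclass
class Finding:
    severity: str
    category: str
    detail: str


# Indicators of capabilities the skill body will actually exercise.
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+")
FILE_WRITE_RE = re.compile(r"""open\([^)]*["'][wa]b?["']\s*\)|\.write_(?:bytes|text)\(""")


def observed_capabilities(body: str) -> dict[str, list[str]]:
    """Map each capability the body evidently uses to the text proving it."""
    caps: dict[str, list[str]] = {}
    urls = URL_RE.findall(body)
    if urls:
        caps["network"] = urls
    writes = [m.group(0) for m in FILE_WRITE_RE.finditer(body)]
    if writes:
        caps["filesystem:write"] = writes
    return caps


def audit(manifest: dict, body: str) -> list[Finding]:
    """Return findings for undeclared, wildcard, and plaintext-transport use."""
    declared = set(manifest.get("permissions", []))
    findings: list[Finding] = []

    # A wildcard technically covers everything but defeats least privilege.
    if "*" in declared:
        findings.append(Finding("Low", "MCP Least Privilege",
                                "wildcard permission '*' declared; list only the "
                                "capabilities the skill actually uses"))

    observed = observed_capabilities(body)
    for cap, evidence in observed.items():
        if cap not in declared and "*" not in declared:
            findings.append(Finding("Medium", "MCP Least Privilege",
                                    f"skill uses {cap} but the manifest does not "
                                    f"declare it (evidence: {evidence[0]})"))

    # Separate check: an unencrypted endpoint exposes query terms in transit.
    for url in observed.get("network", []):
        if url.startswith("http://"):
            findings.append(Finding("Low", "Plaintext Transport",
                                    f"{url} is fetched over plain HTTP; search "
                                    "terms are visible on the network path"))
    return findings


if __name__ == "__main__":
    for f in audit(SKILL_MANIFEST, SKILL_BODY):
        print(f"[{f.severity}] {f.category}: {f.detail}")
```

With the empty manifest above this reports two Medium undeclared-capability findings (network, filesystem:write) and one Low plaintext-transport finding; declaring both capabilities leaves only the HTTP warning, which no manifest change can fix.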

Context-Inappropriate Capability

Severity: Low
Confidence: 80%
Finding: The donation/support QR code is unrelated to the skill's stated arXiv-search purpose and introduces off-platform content that users may scan without understanding where it leads. While not directly exploitable in this markdown alone, it creates a social-engineering surface and an unnecessary transfer of trust outside the skill's core function.

Natural-Language Policy Violations

Severity: Low
Confidence: 72%
Finding: Forcing a specific payment/localization method and language context without user opt-in can mislead or exclude users and may nudge them toward an unintended external payment flow. In combination with the QR code, this slightly increases the chance of social engineering or user confusion, though the direct security impact is limited.

VirusTotal

66/66 vendors reported this skill as clean (no detections).